How to use BPF filter to filter packet payload?

I need to do some homework about analyzing some packets.
I found that BPF filtering is a good thing for my homework. I want to filter all packets that have a payload that starts with a specific string like "Test it". The packets are a combination of TCP, UDP, ICMP and some may not even have a payload.
How can I set the filter?

Answers

I found the answer:
http://www.foo.be/cours/dess-20112012/bpf/bpf.pdf

In this PDF, there is a section about the BPF syntax for filtering payload. The following is from the PDF; in this way, we can use BPF to skip the header.
An example: you want to match the "GE" string in a TCP payload:
echo -n "GE" | hexdump -C
00000000 47 45 |GE|
sudo tcpdump -s0 -n -i ath0 "tcp[20:2] = 0x4745"

A typical example of how to filter HTTP GET requests with tcpdump and a BPF filter:

tcp[((tcp[12:1] & 0xf0) >> 2):4]

There is a good detailed explanation of the above filter here:
https://security.stackexchange.com/questions/121011/wireshark-tcp-filter-tcptcp121-0xf0-24
https://wiki.wireshark.org/CaptureFilters
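
The two answers above, combined and generalized to the string from the question, as an added example that is not part of either original answer: it builds a "payload starts with STRING" filter for TCP, UDP and ICMP. The helper names `payload_filter` and `all_filter` are hypothetical. The TCP branch uses the data-offset expression from the second answer, because the fixed `tcp[20:2]` offset only holds when the TCP header carries no options.

```sh
#!/bin/sh
# Added example: build a pcap capture filter for "payload starts with STRING".
# payload_filter and all_filter are hypothetical helper names.

# payload_filter PROTO STRING  -> prints the filter expression
payload_filter() (
    proto=$1; str=$2; off=0; out=""
    case $proto in
        (tcp)  base='((tcp[12:1] & 0xf0) >> 2)' ;;  # header length from the data offset field
        (udp)  base=8 ;;                            # fixed 8-byte UDP header
        (icmp) base=8 ;;                            # 8-byte ICMP header (echo data follows)
        (*) echo "unsupported protocol: $proto" >&2; exit 1 ;;
    esac
    # Hex-encode the string, e.g. "GE" -> 4745
    hex=$(printf '%s' "$str" | od -An -v -tx1 | tr -d ' \n')
    len=$(( ${#hex} / 2 ))
    [ "$len" -gt 0 ] || { echo "empty string" >&2; exit 1; }
    while [ "$off" -lt "$len" ]; do
        # A BPF accessor reads 1, 2 or 4 bytes, so split longer strings.
        if   [ $((len - off)) -ge 4 ]; then size=4
        elif [ $((len - off)) -ge 2 ]; then size=2
        else size=1
        fi
        chunk=$(printf '%s' "$hex" | cut -c "$((off * 2 + 1))-$((off * 2 + size * 2))")
        if [ "$proto" = tcp ]; then idx="$base + $off"; else idx=$((base + off)); fi
        out="${out:+$out and }${proto}[${idx}:${size}] = 0x${chunk}"
        off=$((off + size))
    done
    printf '%s\n' "$out"
)

# all_filter STRING -> one expression covering TCP, UDP and ICMP
all_filter() {
    printf '(%s) or (%s) or (%s)\n' \
        "$(payload_filter tcp "$1")" "$(payload_filter udp "$1")" "$(payload_filter icmp "$1")"
}

# Usage (interface name taken from the answer above):
#   sudo tcpdump -s0 -n -i ath0 "$(all_filter 'Test it')"
```

Packets with no payload, or a payload shorter than the string, simply fail to match because the accessor reads past the end of the packet. The `tcp[...]`, `udp[...]` and `icmp[...]` accessors apply to IPv4 only.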




